Over 1,000 U.S. Businesses Infected with Backoff PoS Malware


The New York Times reports that the U.S. Department of Homeland Security (DHS) recently issued an advisory warning that more than 1,000 American businesses have already been impacted by the Backoff point-of-sale (PoS) malware.

The DHS advisory notes that, because the malware was first detected in October 2013 but wasn't recognized by most anti-virus solutions until August 2014, many victims are likely still unaware that they've been compromised.

"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the Backoff malware," the advisory states. "Seven PoS system provider/vendors have confirmed that they have had multiple clients affected."

Recent high-profile breaches leveraging Backoff have impacted 51 UPS Store locations and 180 Supervalu supermarkets and liquor stores.

All businesses are urged to check with their IT teams, anti-virus vendors, managed service providers and/or PoS system vendors to determine whether they may be vulnerable.

"Companies that believe they have been the victim of this malware should contact their local Secret Service field office and may contact the NCCIC [National Cybersecurity and Communications Integration Center] for additional information," the DHS advisory states.

Trustwave threat intelligence manager Karl Sigler recently provided eSecurity Planet with a demonstration of the Backoff malware at the Black Hat USA 2014 conference.

RedSeal Networks CTO Dr. Mike Lloyd said by email that the malware serves as a clear reminder to businesses and consumers that all infrastructure is now interconnected. "In the past, there were air gaps -- ATM machines weren’t on the same network as point of sale devices, and all the banking infrastructure was separate from the power companies," he said. "However, the spread of Internet connectivity (including the Internet of Things) means the old and lazy assumption of 'you can’t get there from here' is out the window."

"Defense is now about controlled network segmentation -- making sure you take the trouble to build perimeters around the assets you must defend," Lloyd added. "This is harder than old-world air gap-based defenses, and requires constant oversight to look for holes in the virtual fence."

In this case, Malwarebytes Labs senior security researcher Jerome Segura said by email, simple anti-virus isn't enough. "In addition to keeping their PoS systems updated and running security solutions such as anti-virus and anti-malware, companies need to review their remote access policies, segregate their networks and have network traffic tools to detect potential data exfiltration," he said.
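Two of the controls Segura and Lloyd describe, a segregated PoS network and traffic tooling that spots exfiltration, can be expressed as a single egress-policy check over flow logs. The following Python is an added illustration, not code from the article, the DHS advisory or any vendor quoted here; the PoS subnet, the allowlisted destinations, the byte threshold and the log lines are all constructed for the example, and the log format (timestamp, source, destination, destination port, bytes out) is an assumed firewall or NetFlow export rather than any specific product's.

```python
import ipaddress

# All values below are constructed for this example; none come from the DHS advisory.
POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")      # assumed PoS VLAN
INTERNAL_NETWORKS = [                                    # assumed corporate address space
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
EGRESS_ALLOWLIST = {                                     # assumed approved (dst, port) pairs
    ("203.0.113.10", 443),   # hypothetical payment processor gateway
    ("203.0.113.20", 443),   # hypothetical PoS vendor update server
}
BULK_EGRESS_BYTES = 5_000_000   # assumed per-flow outbound volume that warrants review

# Constructed flow records: timestamp src dst dport bytes_out
SAMPLE_LOG = """\
2014-08-22T02:14:07Z 10.20.0.15 203.0.113.10 443 18422
2014-08-22T02:15:31Z 10.20.0.15 198.51.100.77 443 742310
2014-08-22T02:16:02Z 10.20.0.22 203.0.113.20 443 90112
2014-08-22T02:40:55Z 10.20.0.22 203.0.113.10 443 6114509
2014-08-22T03:01:10Z 10.30.0.5 198.51.100.77 443 40321
2014-08-22T03:02:44Z 10.20.0.31 10.20.0.1 53 120
2014-08-22T03:05:19Z 10.20.0.31 10.50.0.9 445 30210
"""


def parse_flow(line):
    """Parse one 'timestamp src dst dport bytes_out' record into a dict."""
    ts, src, dst, dport, nbytes = line.split()
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst),
        "dport": int(dport),
        "bytes": int(nbytes),
    }


def is_internal(addr):
    """True if the address falls inside the assumed corporate ranges."""
    return any(addr in net for net in INTERNAL_NETWORKS)


def classify_flow(flow):
    """Return a finding label for a flow leaving the PoS segment, or None."""
    if flow["src"] not in POS_SEGMENT:
        return None                       # other segments are not policed here
    if flow["dst"] in POS_SEGMENT:
        return None                       # intra-segment traffic (gateway, local DNS)
    if (str(flow["dst"]), flow["dport"]) not in EGRESS_ALLOWLIST:
        # A PoS host reaching anything off its allowlist breaks segmentation;
        # distinguish a hop into the rest of the LAN from a direct Internet connection.
        if is_internal(flow["dst"]):
            return "lateral-from-pos-segment"
        return "unapproved-egress"
    if flow["bytes"] > BULK_EGRESS_BYTES:
        # Approved destination, but far more outbound data than a PoS host should send.
        return "bulk-egress-to-allowed-destination"
    return None


def detect_exfiltration(log_text):
    """Run the classifier over a log and return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        label = classify_flow(flow)
        if label:
            findings.append((flow["ts"], str(flow["src"]), str(flow["dst"]),
                             flow["dport"], label))
    return findings


def findings_by_source(findings):
    """Count findings per PoS host so the noisiest host is reviewed first."""
    counts = {}
    for finding in findings:
        src = finding[1]
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in detect_exfiltration(SAMPLE_LOG):
        print(*finding)
    print(findings_by_source(detect_exfiltration(SAMPLE_LOG)))
```

Run against the constructed log, the check flags three flows: a PoS terminal talking to an Internet address that is not its processor or vendor, a terminal pushing several megabytes to an otherwise approved destination, and a terminal opening SMB to a host elsewhere on the corporate LAN. The first and third are the segmentation holes Lloyd describes; the second is the kind of anomaly that only traffic tooling, not anti-virus, will surface. A real deployment would replace the inline constants with the site's own segment definition and allowlist and feed the classifier from the firewall or flow collector.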